Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)

Summary GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. ...

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware (CVE-2018-0732 CVE-2019-1559)

Summary IBM GCM16 & GCM32 and LCM8 & LCM16 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a...

Security Bulletin: A vulnerability in OpenSSL affects GCM16 & GCM32 KVM Switch Firmware (CVE-2019-1551)

Summary IBM GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL. Vulnerability Details CVEID: CVE-2019-1551 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x6464 Montgomery squaring procedure used...

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware

Summary IBM GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing...

Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)

Summary OpenSSL vulnerabilities were disclosed on December 3, 2015 by the OpenSSL Project. OpenSSL is used by LCM8 and LCM16 KVM Switch Firmware and GCM16 and GCM32 KVM Switch Firmware. LCM8 and LCM16 KVM Switch Firmware and GCM16 and GCM32 KVM Switch Firmware have addressed the applicable CVEs...

Security Bulletin: Vulnerability in OpenSSL affects LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware (CVE-2016-8610)

Summary LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL. Vulnerability Details Summary LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerability in OpenSSL...

Security Bulletin: Three potential vulnerabilities in IBM GCM16/GCM32 Global Console Managers (CVE-2014-3085, CVE-2014-3081, CVE-2014-3080)

Summary Three potential vulnerabilities have been discovered in IBM GCM16/GCM32 Global Console Manager KVM Switches Vulnerability Details Abstract Three potential vulnerabilities have been discovered in IBM GCM16/GCM32 Global Console Manager KVM Switches Content Vulnerability Details: CVE ID:...

Security Bulletin: IBM GCM16 KVM Switch Remote Command Execution (CVE-2013-0526)

Summary Unsanitized web application variables allow a remote authenticated user to execute unauthorized commands as root. Vulnerability Details Summary Unsanitized web application variables allow a remote authenticated user to execute unauthorized commands as root. Vulnerability details CVE ID:...

CVE-2014-3085

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter...

CVE-2014-3080

Multiple cross-site scripting XSS vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to kvm.cgi or 2 the key parameter to avctalert.php...

CVE-2014-3081

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter...

Code injection

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to kvm.cgi or 2 the key parameter to avctalert.php...

Code injection

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter...

CVE-2014-3081

CVE-2014-3081 affects IBM Global Console Manager switches (GCM16/GCM32). The vulnerability allows a remote authenticated user to read arbitrary files via the filename parameter in prodtest.php, on firmware versions prior to 1.20.20.23447. IBM’s security bulletin confirms this issue and provides t...

CVE-2014-3085

systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter...

CVE-2014-3080

What’s affected: IBM Global Console Manager switches GCM16/GCM32 (firmware 1.20.0.22575 and earlier). Vulnerability type: Cross-site scripting (XSS) due to improper input validation. Where it lies: Web interface via vulnerable endpoints (kvm.cgi query string, avctalert.php key parameter). Impact:...

CVE-2014-3085

Affected product : IBM Global Console Manager switches (GCM16 and GCM32). Version impact : firmware versions prior to 1.20.20.23447 are affected. Vulnerability : CVE-2014-3085 — Improper handling in systest.php allows a remote authenticated attacker to execute arbitrary commands via shell metacha...

CVE-2014-3080

Multiple cross-site scripting XSS vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to kvm.cgi or 2 the key parameter to avctalert.php...

IBM GCM16/32 1.20.0.22575 - 多个漏洞

No description provided by source. Product description The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. Versions v1.20.0.22575 and prior are vulnerables. Note that this vulnerability is also present in some DELL and probably other vendor...